What is the severity of CVE-2023-42475?

The severity of CVE-2023-42475 is medium with a CVSS score of 4.3.

Which software versions are affected by CVE-2023-42475?

CVE-2023-42475 affects SAP S/4HANA versions 102, 103, 104, 105, 106, and 128.

How can I fix CVE-2023-42475?

To fix CVE-2023-42475, apply the recommended patches provided by SAP and update the affected SAP S/4HANA versions.

Where can I find more information about CVE-2023-42475?

You can find more information about CVE-2023-42475 in the SAP Notes 3222121 and the SAP document available at the provided reference links.

Vulnerability/
CVE-2023-42475

medium

4.3

CWE

200 209

10/10/2023

28/9/2024

CVE-2023-42475: Information Disclosure Vulnerability in Statutory Reporting

First published: Tue Oct 10 2023(Updated: )

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.

Credit: cna@sap.com cna@sap.com

Affected Software	Affected Version	How to fix
Sap S\/4hana	=102
Sap S\/4hana	=103
Sap S\/4hana	=104
Sap S\/4hana	=105
Sap S\/4hana	=106
Sap S\/4hana	=128

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-42475?
The severity of CVE-2023-42475 is medium with a CVSS score of 4.3.
How does CVE-2023-42475 impact the confidentiality of the server files?
CVE-2023-42475 enables a low privileged attacker to read server files with minimal impact on confidentiality.
Which software versions are affected by CVE-2023-42475?
CVE-2023-42475 affects SAP S/4HANA versions 102, 103, 104, 105, 106, and 128.
How can I fix CVE-2023-42475?
To fix CVE-2023-42475, apply the recommended patches provided by SAP and update the affected SAP S/4HANA versions.
Where can I find more information about CVE-2023-42475?
You can find more information about CVE-2023-42475 in the SAP Notes 3222121 and the SAP document available at the provided reference links.

collector/nvd-index
agent/references
agent/author
agent/type
agent/softwarecombine
agent/title
agent/severity
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/event
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/sap
canonical/sap s\/4hana
version/sap s\/4hana/102
version/sap s\/4hana/103
version/sap s\/4hana/104
version/sap s\/4hana/105
version/sap s\/4hana/106
version/sap s\/4hana/128

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.